Introduction
This document describes the process of SAML Certificate renewal process for Secure Access.
Problem
You must update your Identity provider (IdP) with the new Secure Access Security Assertion Markup Language (SAML) certificate before the expiration date (Annually Expired June time frame). Updating this certificate is essential to avoid SAML user authentication failures and loss of Internet access for these users, unless your IDP has already been configured to monitor the Secure Access SAML metadata URL provided below.
Solution
Step 1: Verify If your SAML IDP request signature validation, If this option is disabled, no further actions is required. you can skip the rest of the process and continue using the SAML services normally.
Step 2: If SAML IDP request signature validation, download the new certificate from the Secure Access Documentation Page -> Security Notices -> Security Advisories, Responses and Notices -> (Secure Access Notification - SAML Authentication Certificate Expiring).
Step 3: Login to your SAML IDP, and replace the current SAML Certificate.
Azure SAML Certificate Settings
This is an Example of replacing Azure SAML IDP Certificate..
Step 1: Login to Azure Portal.
Step 2: Find your SAML SSO Profile and Click on Edit.
Step 3: Verify you have Certificate signing request validation under (Single Sign On) settings.
A. Validation is Disabled (No Actions Required):
B. Validation is Enabled (replacing certificate is required)
Step 4: Edit the Verification certificate option.
Step 5: Upload the new SAML Certificate which can be found in the announcement referenced in (Secure Access Documentation Page).
Related Information